Steve Alder writes: Several dermatology practices have recently announced data breaches following an attack on their management company. The number of attacks reported this year by dermatology practices suggests they are being targeted by one or more threat actors. In May 2025, DermCare Management, a Florida-based company that provides support services for dermatologists and dermatology…
Category: Health Data
UK: Physiotherapist who accessed patient’s personal data to visit her home is struck off
The PA News Agency reports: A medical professional who used a patient’s personal data to visit her home with a gift while working as a vaccinator has been struck off the register. Josep Bofill Blanch, who was a registered physiotherapist employed by NHS Grampian in north-east Scotland, met the woman and gave her an injection when…
Genoa Community Hospital discloses breach discovered in March
Genoa Community Hospital, aka Genoa Medical Facilities (“Genoa“) in Nebraska has issued a press release concerning a breach involving patient data. According to the release, in March 2025, Genoa learned of unusual activity involving one employee email account. The release does not indicate when the breach actually occurred or how the attacker gained access to…
WA: Cyber-attacks problem for small hospitals
We often hear about the challenges rural hospitals face in preventing and responding to cyberattacks. Here’s an article that provides some numbers for context. Don Gronning reports: Small hospitals have been a target of cyber criminals, hospital district CEO Kim Manus told Pend Oreille Hospital District No. 1 commissioners at their regular meeting Thursday, July…
Two Data Breaches in Three Years: McKenzie Health
SuspectFile reports: Between 2022 and 2025, McKenzie Health System, which operates the McKenzie Memorial Hospital in rural Michigan, was hit by two major data breaches. Combined, the attacks compromised the personal and medical information of more than 79,000 patients. Although the incidents are technically distinct, they reveal a troubling pattern of systemic vulnerabilities and raise critical questions about the resilience of smaller…
Infinite Services notifying employees and patients of limited ransomware attack
On May 5, 2025, Infinite Services in New York became aware of suspicious activity when employees were unable to log into the network. “Several servers were off, but one remained on which had an extension from the threat actor group,” external counsel SpencerFane informed the New Hampshire Attorney General. “The electricity was unplugged from the…